Symantec explain how access tokens, or 'spare keys' that are granted to you by Facebook, can be used to authorise certain actions on behalf of the user. These are set up by the application installed, through the permission request box. Though these keys will expire after a short time, some of these tokens allow applications to access your data while you are not using the site.

It is suggested could have Facebook passed on these access tokens in the URL to the application developers, which could then be passed on unknowingly to advertisers and other third parties.

Facebook denies these claims, stating that there are "inaccuracies" and that a thorough investigation showed "no evidence" that information was being sent to third parties.

This is not the first time Facebook has suffered a breach. Not only has it had to contend with its own internal code reaching the public site, which led to a full site shutdown late last year, but has also been targeted by malicious code writers and suffered serious worm attacks through rogue applications.

Thank You

By registering you become a member of the CBS Interactive family of sites and you have read and agree to the Terms of Use, Privacy Policy and Video Services Policy. You agree to receive updates, alerts and promotions from CBS and that CBS may share information about you with our marketing partners so that they may contact you by email or otherwise about their products or services.
You will also receive a complimentary subscription to the ZDNet's Tech Update Today and ZDNet Announcement newsletters. You may unsubscribe from these newsletters at any time.